Version update 1.8.4 (#504)

* Version update 1.8.4

* [~] close ping frame attack protection in default case

* [~] fix lack of parameters

* [~] fix lack of .lds

* [=] fix cmake version requirement

Author: cherylsy

CMakeLists.txt

@@ -1,6 +1,6 @@
 # Copyright (c) 2022, Alibaba Group Holding Limited
 
-cmake_minimum_required (VERSION 2.6)
+cmake_minimum_required (VERSION 3.5)
 project (xquic)
 
 set (xquic_VERSION_MAJOR 0)
@@ -19,6 +19,7 @@ option (XQC_ENABLE_FEC "enable fec" OFF)
 option (XQC_ENABLE_XOR "enable fec scheme xor" OFF)
 option (XQC_ENABLE_RSC "enable fec scheme reed-solomon code" OFF)
 option (XQC_ENABLE_PKM "enable fec scheme packet mask" OFF)
+option (XQC_PING_ATTACK_PROTECT "enable ping attack protection" OFF)
 
 if(NOT CMAKE_BUILD_TYPE)
     set(CMAKE_BUILD_TYPE Release)

cmake/CMakeLists.txt

@@ -1,6 +1,6 @@
 # Copyright (c) 2022, Alibaba Group Holding Limited
 
-cmake_minimum_required (VERSION 2.6)
+cmake_minimum_required (VERSION 3.5)
 project (xquic)
 
 set (xquic_VERSION_MAJOR 0)

demo/demo_client.c

@@ -207,6 +207,12 @@ typedef struct xqc_demo_cli_quic_config_s {
     int recreate_path;
     int close_path_id;
 
+    int use_x25519;
+
+    xqc_msec_t path0_rebind_time;
+    xqc_msec_t path1_rebind_time;
+    uint8_t read_old_sockets;
+
 } xqc_demo_cli_quic_config_t;
 
 
@@ -1378,16 +1384,22 @@ xqc_demo_cli_socket_read_handler(xqc_demo_cli_user_conn_t *user_conn, int fd)
         {
             user_path = &user_conn->paths[i];
         }
+
+        if (user_conn->paths[i].is_active
+            && user_conn->paths[i].rebind_fd == fd)
+        {
+            user_path = &user_conn->paths[i];
+        }
+
     }
 
     if (user_path == NULL) {
         return;
     }
 
-    // printf("socket read: path%"PRIu64" fd:%d\n", user_path->path_id, user_path->fd);
 
     do {
-        recv_size = recvfrom(user_path->fd, packet_buf, sizeof(packet_buf), 0,
+        recv_size = recvfrom(fd, packet_buf, sizeof(packet_buf), 0,
                             (struct sockaddr *)&addr, &addr_len);
         if (recv_size < 0 && get_sys_errno() == EAGAIN) {
             break;
@@ -1398,7 +1410,7 @@ xqc_demo_cli_socket_read_handler(xqc_demo_cli_user_conn_t *user_conn, int fd)
         }
 
         user_path->local_addrlen = sizeof(struct sockaddr_in6);
-        xqc_int_t ret = getsockname(user_path->fd, (struct sockaddr*)&user_path->local_addr,
+        xqc_int_t ret = getsockname(fd, (struct sockaddr*)&user_path->local_addr,
                                     &user_path->local_addrlen);
         if (ret != 0) {
             printf("getsockname error, errno: %d\n", get_sys_errno());
@@ -1578,11 +1590,13 @@ xqc_demo_cli_rebind_path0(int fd, short what, void *arg)
         // change fd
         int temp = user_conn->paths[0].fd;
         user_conn->paths[0].fd = user_conn->paths[0].rebind_fd;
-        user_conn->paths[0].rebind_fd = user_conn->paths[0].fd;
+        user_conn->paths[0].rebind_fd = temp;
 
         //stop read from the old socket
-        event_del(user_conn->paths[0].ev_socket);
-        user_conn->paths[0].ev_socket = NULL;
+        if (!user_conn->ctx->args->quic_cfg.read_old_sockets) {
+            event_del(user_conn->paths[0].ev_socket);
+            user_conn->paths[0].ev_socket = NULL;
+        }
 
         xqc_h3_conn_send_ping(user_conn->ctx->engine, &user_conn->cid, NULL);
     }
@@ -1596,10 +1610,12 @@ xqc_demo_cli_rebind_path1(int fd, short what, void *arg)
         // change fd
         int temp = user_conn->paths[1].fd;
         user_conn->paths[1].fd = user_conn->paths[1].rebind_fd;
-        user_conn->paths[1].rebind_fd = user_conn->paths[1].fd;
+        user_conn->paths[1].rebind_fd = temp;
 
-        event_del(user_conn->paths[1].ev_socket);
-        user_conn->paths[1].ev_socket = NULL;
+        if (!user_conn->ctx->args->quic_cfg.read_old_sockets) {
+            event_del(user_conn->paths[1].ev_socket);
+            user_conn->paths[1].ev_socket = NULL;
+        }
 
         xqc_h3_conn_send_ping(user_conn->ctx->engine, &user_conn->cid, NULL);
     }
@@ -1661,6 +1677,10 @@ xqc_demo_cli_init_conn_ssl_config(xqc_conn_ssl_config_t *conn_ssl_config,
         conn_ssl_config->transport_parameter_data = args->quic_cfg.tp;
         conn_ssl_config->transport_parameter_data_len = args->quic_cfg.tp_len;
     }
+
+    if (args->quic_cfg.use_x25519) {
+        conn_ssl_config->tls_groups = XQC_TLS_GROUP_X25519_FIRST;
+    }
 }
 
 void
@@ -1765,6 +1785,7 @@ xqc_demo_cli_init_args(xqc_demo_cli_client_args_t *args)
     args->quic_cfg.close_path_id = 1;
     args->quic_cfg.backup_path_id = 1;
     args->quic_cfg.quic_version = XQC_VERSION_V1;
+    args->quic_cfg.use_x25519 = 0;
 
     args->req_cfg.throttled_req = -1;
 
@@ -1919,23 +1940,25 @@ xqc_demo_cli_usage(int argc, char *argv[])
         "   -B    Set initial path standby after recvd first application data, and set initial path available after X ms\n"
         "   -I    Idle interval between requests (ms)\n"
         "   -n    Throttling the {1,2,...}xn-th requests\n"
-        "   -e    NAT rebinding on path 0\n"
-        "   -E    NAT rebinding on path 1\n"
+        "   -e    NAT rebinding on path 0 after x ms\n"
+        "   -E    NAT rebinding on path 1 after x ms\n"
+        "   -O    Also read packets from old sockets after rebinding\n"
         "   -F    MTU size (default: 1200)\n"
         "   -G    Google connection options (e.g. CBBR,TBBR)\n"
         "   -x    Extend the number of requests to X\n"
         "   -r    Send X requests per batch\n"
         "   -y    cid rotation after x ms\n"
         "   -Y    cid retirement after x ms\n"
         "   -f    max path id\n"
+        "   -5    use X25519 group as the first choice\n"
         , prog);
 }
 
 void
 xqc_demo_cli_parse_args(int argc, char *argv[], xqc_demo_cli_client_args_t *args)
 {
     int ch = 0;
-    while ((ch = getopt(argc, argv, "a:p:c:Ct:S:0m:A:D:l:L:k:K:U:u:dMoi:w:Ps:b:Z:NQT:R:V:B:I:n:eEF:G:r:x:y:Y:f:z:q6")) != -1) {
+    while ((ch = getopt(argc, argv, "a:p:c:Ct:S:0m:A:D:l:L:k:K:U:u:dMoi:w:Ps:b:Z:NQT:R:V:B:I:n:e:E:F:G:r:x:y:Y:f:z:q65O")) != -1) {
         switch (ch) {
         /* server ip */
         case '6':
@@ -2184,12 +2207,19 @@ xqc_demo_cli_parse_args(int argc, char *argv[], xqc_demo_cli_client_args_t *args
         case 'e':
             printf("option rebinding path0 after 2s\n");
             args->net_cfg.rebind_p0 = 1;
+            args->quic_cfg.path0_rebind_time = atoi(optarg);
             break;
 
         case 'E':
             printf("option rebinding path1 after 3s\n");
             args->net_cfg.rebind_p1 = 1;
-            break;     
+            args->quic_cfg.path1_rebind_time = atoi(optarg);
+            break;    
+            
+        case 'O':
+            printf("also read from old sockets after rebinding\n");
+            args->quic_cfg.read_old_sockets = 1;
+            break;
 
         case 'F':
             printf("MTU size: %s\n", optarg);
@@ -2216,6 +2246,11 @@ xqc_demo_cli_parse_args(int argc, char *argv[], xqc_demo_cli_client_args_t *args
             args->quic_cfg.init_max_path_id = atoi(optarg);
             break;
 
+        case '5':
+            printf("use x25519\n");
+            args->quic_cfg.use_x25519 = 1;
+            break;
+
         default:
             printf("other option :%c\n", ch);
             xqc_demo_cli_usage(argc, argv);
@@ -2730,8 +2765,8 @@ xqc_demo_cli_start(xqc_demo_cli_user_conn_t *user_conn, xqc_demo_cli_client_args
                                                xqc_demo_cli_rebind_path0, 
                                                user_conn);
         struct timeval tv = {
-            .tv_sec = 2,
-            .tv_usec = 0,
+            .tv_sec = args->quic_cfg.path0_rebind_time / 1000,
+            .tv_usec = (args->quic_cfg.path0_rebind_time % 1000) * 1000,
         };
         event_add(user_conn->ev_rebinding_p0, &tv);
     }
@@ -2741,8 +2776,8 @@ xqc_demo_cli_start(xqc_demo_cli_user_conn_t *user_conn, xqc_demo_cli_client_args
                                                xqc_demo_cli_rebind_path1, 
                                                user_conn);
         struct timeval tv = {
-            .tv_sec = 3,
-            .tv_usec = 0,
+            .tv_sec = args->quic_cfg.path1_rebind_time / 1000,
+            .tv_usec = (args->quic_cfg.path1_rebind_time % 1000) * 1000,
         };
         event_add(user_conn->ev_rebinding_p1, &tv);
     }

include/xquic/xquic.h

@@ -72,7 +72,9 @@ typedef enum xqc_proto_version_s {
 
 #define XQC_RESET_TOKEN_MAX_KEY_LEN     256
 
-
+#define XQC_TOKEN_MAX_KEY_VERSION       4
+#define XQC_TOKEN_VERSION_MASK          3
+#define XQC_TOKEN_MAX_KEY_LEN           256
 /**
  * the max message count of iovec in sendmmsg
  */
@@ -417,6 +419,17 @@ typedef void (*xqc_conn_ready_to_create_path_notify_pt)(const xqc_cid_t *scid,
 typedef xqc_int_t (*xqc_conn_cert_cb_pt)(const char *sni,
     void **chain, void **crt, void **key, void *user_data);
 
+typedef void (*xqc_conn_ssl_msg_cb_pt)(int msg_type, 
+    const void *msg, size_t msg_len, void *user_data);
+
+/**
+ * @brief to determine whether to send a retry packet
+ * @return XQC_TRUE(1): meet condition to send a retry packet
+ *         XQC_FALSE(0): don't meet condition to send a retry packet or  an error occurred while judging the condition
+ */
+typedef int (*xqc_conn_retry_packet_pt)(xqc_engine_t *engine, xqc_connection_t *conn,
+    const xqc_cid_t *cid, void *user_data);
+
 /**
  * @brief multi-path create callback function
  *
@@ -703,6 +716,17 @@ typedef struct xqc_transport_callbacks_s {
      */
     xqc_conn_cert_cb_pt                     conn_cert_cb;
 
+    xqc_conn_ssl_msg_cb_pt                  conn_ssl_msg_cb;
+    /**
+     * @brief check the conditions to send retry packet
+     */
+    xqc_conn_retry_packet_pt                conn_retry_packet_condition_check;
+    /**
+     * @brief server send packet before server accept the connection.
+     * for example, retry packet is sent when the application layer connection has not been established, 
+     */
+    xqc_socket_write_pt                     conn_send_packet_before_accept;
+
 } xqc_transport_callbacks_t;
 
 
@@ -1165,6 +1189,11 @@ typedef struct xqc_config_s {
 
     /** for warning when the number of elements in one bucket exceeds the value of hash_conflict_threshold*/
     uint32_t        hash_conflict_threshold;
+
+    /* used to encrypt token */
+    unsigned char   token_key_list[XQC_TOKEN_MAX_KEY_VERSION][XQC_TOKEN_MAX_KEY_LEN];
+    uint16_t        tk_len_list[XQC_TOKEN_MAX_KEY_VERSION];
+    uint8_t         cur_tk_index; /* current used token key version */
 } xqc_config_t;
 
 
@@ -1261,6 +1290,11 @@ typedef struct xqc_conn_ssl_config_s {
      * certificate verify flag. which is a bit-map flag defined in xqc_cert_verify_flag_e
      */
     uint8_t     cert_verify_flag;
+
+    /**
+     * ssl curve list (groups). If not set, xquic will use the default engine-level value.
+     */
+    xqc_tls_group_type_t   tls_groups;
 } xqc_conn_ssl_config_t;
 
 typedef struct xqc_linger_s {
@@ -1490,6 +1524,13 @@ typedef struct xqc_conn_settings_s {
     uint64_t                    receive_timestamps_exponent;
 
     uint8_t                     disable_pn_skipping;
+    
+    /* The client can specify its own scid or dcid. Default: 0 */
+    uint8_t                     specify_client_scid;
+    uint8_t                     client_scid[XQC_MAX_CID_LEN];
+    uint8_t                     specify_client_dcid;
+    uint8_t                     client_dcid[XQC_MAX_CID_LEN];
+    
 } xqc_conn_settings_t;
 
 

include/xquic/xquic_typedef.h

@@ -229,6 +229,7 @@ typedef struct xqc_http_priority_s {
     uint8_t                 schedule;
     uint8_t                 reinject;
     uint32_t                fec;
+    uint8_t                 fastpath;
 } xqc_h3_priority_t;
 
 /* ALPN definition */
@@ -333,4 +334,17 @@ typedef enum {
     XQC_APP_PATH_STATUS_MAX,
 } xqc_app_path_status_t;
 
+typedef enum xqc_tls_msg_type_e {
+    XQC_TLS_1_3_CLIENT_HELLO,
+    XQC_TLS_1_3_SERVER_HELLO
+} xqc_tls_msg_type_t;
+
+typedef enum xqc_tls_group_type_e {
+    XQC_TLS_GROUP_DEFAULT      = 0,
+    XQC_TLS_GROUP_P256_FIRST   = 1,
+    XQC_TLS_GROUP_X25519_FIRST = 2,
+    XQC_TLS_GROUP_P384_FIRST   = 3,
+    XQC_TLS_GROUP_P521_FIRST   = 4,
+} xqc_tls_group_type_t;
+
 #endif /*_XQUIC_TYPEDEF_H_INCLUDED_*/

scripts/case_test.sh

@@ -57,7 +57,8 @@ fi
 
 
 echo -e "server refuse ...\c"
-${CLIENT_BIN} -x 46 -t 10 >> stdlog
+${CLIENT_BIN} -x 46 -t 1 >> stdlog
+sleep 10
 result=`grep "conn close notified by refuse" slog`
 if [ -n "$result" ]; then
     echo ">>>>>>>> pass:1"
@@ -756,6 +757,29 @@ else
 fi
 rm -f test_session
 
+clear_log
+echo -e "retry packet send ...\c"
+killall test_server
+rm -f xqc_token
+${SERVER_BIN} -l d -e -x 601 > /dev/null &
+sleep 1
+result=`${CLIENT_BIN} -s 1024 -l d -t 1 -E --conn_options CBBR|grep ">>>>>>>> pass"`
+errlog=`grep_err_log`
+slog_res=`grep -E "<==.*xqc_conn_send_retry ok" slog`
+clog_res=`grep -E "packet_parse_retry" clog`
+#echo "$result"
+if [ -z "$errlog" ] && [ "$result" == ">>>>>>>> pass:1" ] && [ -n "$slog_res" ] && [ -n "$clog_res" ]; then
+    echo ">>>>>>>> pass:1"
+    case_print_result "retry_packet_send" "pass"
+else
+    echo ">>>>>>>> pass:0"
+    case_print_result "retry_packet_send" "fail"
+    echo "$errlog"
+    echo "$slog_res"
+    echo "$clog_res"
+fi
+
+
 
 clear_log
 echo -e "server cid negotiate ...\c"
@@ -860,7 +884,6 @@ else
     echo "$errlog"
 fi
 
-
 clear_log
 echo -e "send 1K data ...\c"
 result=`${CLIENT_BIN} -s 1024 -l d -t 1 -E --conn_options CBBR|grep ">>>>>>>> pass"`
@@ -4922,4 +4945,4 @@ else
     case_print_result "ack_timestamp_frame_case_6" "fail"
 fi
 
-cd -
+cd -

scripts/xquic.lds

@@ -128,6 +128,7 @@ XQUIC_VERS_1.0 {
         xqc_reed_solomon_code_cb;
         xqc_xor_code_cb;
         xqc_packet_mask_code_cb;
+        xqc_conn_set_init_idle_timeout;
     local:
         *;
 };